[AIX HP-UX Linux Solaris Windows][z/OS]

Configuring web service binding for LTPA authentication

Use this task to configure a web service binding to perform authentication using Lightweight Third-Party Authentication (LTPA) tokens.

Before you begin

Before you begin this task, install the Service Component Architecture (SCA) application.

About this task

Policy sets can be used to configure web service bindings to perform authentication using LTPA tokens.

Procedure

  1. Configure the administrative and application security for the server.

    For the service to accept only secure requests and to require authentication, administrative and application security must be enabled for the server. See Securing JAX-WS web services using message-level security.

  2. Configure the service to require message layer authentication by attaching the LTPA WSSecurity default policy set.

    To attach the LTPA WSSecurity default policy set, follow the task on mapping abstract intent to policy sets and policy management.

    In addition to attaching the policy set, you must add a caller binding to the WS-Security policy so that the received subject is propagated to the thread. To update the default binding to support the caller function, open the administrative console and navigate to Services > Policy sets > General provider policy set bindings > Provider sample > WS-Security > Callers. Create a new Caller with the following values:

    Name:  Specify any name for this configuration
    Caller identity local part:  LTPAv2
    Caller identity namespace URI:  http://www.ibm.com/websphere/appserver/tokentype

    For additional information on the LTPA WSSecurity default policy set, review the topic WSSecurity default policy sets. Read also the article about configuring the WS-Security policy.

    The following code is an example of configuring the service to support LTPA authentication.

    <service name="AccountService">
      <binding.ws 
         qos:wsPolicySet="LTPA WSSecurity default" qos:wsServicePolicySetBinding="Provider sample"
         ... />
    </service>
    
  3. Configure the client by attaching the LTPA WSSecurity default policy set to a reference.

    An example of how to attach the LTPA WSSecurity default policy set to a reference is shown in the code block in this task step. By default, attaching the LTPA WSSecurity default policy set to a reference propagates any existing LTPA tokens on the thread with the request. It is also possible to configure the policy set to create a token for a specific user and send that token with all requests. Refer to the article WSSecurity default policy sets for detailed information.

    <reference name="AccountService">
      <binding.ws 
         qos:wsPolicySet="LTPA WSSecurity default"
         ... />
    </reference>
    

Results

When you finish this task, you have configured web service bindings to do LTPA authentication.

What to do next

You can proceed to configuring other application-specific bindings.





Last updated: Feb 6, 2014 8:11:25 PM CST
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=matt&product=was-nd-mp&topic=twbs_sca_wsbind_auth_ltpa
File name: twbs_sca_wsbind_auth_ltpa.html